In this configuration it is described as a brouter because it must be told how to route traffic. The Linksys Untangle router supports bridge mode but only has a single WAN port which makes it a problem for WAN fail-over and balancing (again there may be a solution for a second WAN if you are interested). Fortunately there are quite good instructions for setting up Untangle in bridge mode on the Untangle Wiki. The Unifi USG does not readily support pass-through (there is apparently a solution for USG pass-through that I have not tried) but does support WAN balancing and fail-over which I wanted. This meant I no longer had visibility of the devices and users connecting to the network through the Untangle (which is why this setup is also not recommended) but hey everything was working! After agonising about whether to ditch the USG again and just use the Linksys Untangle router as the edge device, I decided it was worth trying in bridge mode. Once that was working correctly I started to shift all devices to the Unifi Wireless Access Points (WAPs) or wired Ethernet connections and then disabled the Wi-Fi on the Linksys Untangle router. Essentially this meant having a router behind a router. This was the application I’d originally acquired Untangle for but it is not recommended for complex networks with multiple Virtual LANs (VLANs). After unpacking and connecting everything I was finally able to get the USG working behind the Untangle router. Untangle is a complete solution with firewall, virus scanning, malware and ad blocking, web filtering, Virtual Private Network (VPN), intrusion detection and prevention and more. Then I would set up the Linksys Untangle router behind the USG to act as a UTM. I wanted the Unifi cloud controller to give me visibility and control of all of the network devices including the USG as the edge device. When I moved recently I decided to unpack the Unifi gear and see whether I could get this working the way I had originally intended it to.
As it turns out this is recommended for Untangle in most situations. After trying a few configurations I decided to abandon the USG altogether and just use the Linksys Untangle router as my gateway device. There were different opinions on whether the USG was needed, should be used in combination with an Untangle NG Firewall device and even how it should be implemented. I had already acquired and set up the Linksys Untangle router as my gateway device before I looked into the Unifi product range. However there are some complaints about setup of the cloud key and USG not being intuitive and I understand that because it really tested my patience. Unifi offers a cloud key as a way to control the network remotely which is also appealing. The Unifi Security Gateway (USG) has mixed reviews and many recommend the Ubiquiti edge router as an alternative.
Once it’s set up I really like the approach to software configuration and visibility of the network this provides. There is a lot of enthusiasm for the Ubiquiti Unifi range of products for home enthusiasts as well as for commercial use. I didn’t have a suitable device and the cost of buying and hassle of setting this up was too much. There are hardware and software products available for this but they typically require dedicated hardware and virtual machines. I discovered that the solution is called Unified Threat Management (UTM). When I started on this quest to secure my network I was looking for a solution that would sit inside my network and monitor all internal and out-going traffic. It needs improvement but I believe every solution needs improvement.

Unifi home network with Linksys Untangle in bridge mode for Unified Threat Management (UTM).

There're a number of functionalities missing in Untangle. For example, I've seen firewalls where, let's say for example there's an infected machine within your network, they give you an alert or automatically block it from your network or mailing system. I believe there are more functionalities which they can improve and prevent for security and management of internet within a corporate environment. For example, you want to block a range of between 50 and 100 of an IP, I haven't seen that capability. I know it has the capability to block specific IPs but I have not seen the capability to block a specific range of IPs. Functionality-wise, they should try to put more options on some of the modules like web filtering capability. You have to use the commercial module for you to get effective results.
If you use the free model, it is not that effective.
For the web filter, I think they can do better especially on the free model. There are quite a number of modules I've not used.